ScaredEitherWay Posted August 18, 2009 (edited)

Mr Gonzalez broke into three large card processing systems:
- Hartland, a card processing company
- 7/11 convenience stores
- Hannifords, a national supermarket

They circumvented firewalls and uploaded the details of 130,000,000 cards to servers in the US and other countries. They planned to sell it on to steal money from the card holders.

And there's more still being uncovered.

http://news.bbc.co.uk/1/hi/world/americas/8206305.stm

Edited August 18, 2009 by ScaredEitherWay

Guest sillybear2 Posted August 18, 2009

US man 'stole 130m card numbers'

I wouldn't want to be standing behind him at the check outs.

D.C. Posted August 18, 2009

> Mr Gonzales used a complicated technique known as an "SQL injection attack" to penetrate networks' firewalls and steal information, the US Department of Justice said

Unforgivable. SQL injection is very old and one of the most basic security exploits going, unbelievable that the code protecting 130 million credit cards is so poorly written.

Guest KingCharles1st Posted August 18, 2009

> Unforgivable. SQL injection is very old and one of the most basic security exploits going, unbelievable that the code protecting 130 million credit cards is so poorly written.

Credit cards should be banned - then this sort of thing could not happen.

arby1 Posted August 18, 2009

> Credit cards should be banned - then this sort of thing could not happen.

2 days ago the missus's DEBIT card had 2,500 charged to it on 4 separate transactions. What do you think the chances are of having it refunded? HSBC won't tell us that! And does that mean we can now blame this guy? Makes a better story for us!

porca misèria Posted August 18, 2009

> SQL injection is very old and one of the most basic security exploits going, unbelievable that the code protecting 130 million credit cards is so poorly written.

Perfectly believable. Banks won't employ competent IT developers: "you're over-qualified, you'd be bored by it."

They'll employ someone who is capable of deploying a bog-standard packet-filtering firewall (and a shrinkwrapped antivirus if on windoze), and then they're secure, innit? SQL injection, being an application-layer thing, is unaffected.

They might even go so far as to deploy an application-layer firewall such as mod_security for Apache, but that's only as good as your ruleset, and that can only be reactive. Like that shrinkwrapped antivirus, but without the benefit of a centralised authority that gets to see threats as they happen.

Competent programmers who understand basic rules like sanitising all untrusted input (what the Perl folks call untainting)? Nope, Overqualified ....

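The contrast drawn in the post above, as an added example that is not part of the original thread: a reactive ruleset catches only the input it already knows, while binding input as data removes the problem at the application layer. The table, the one-rule `RULES` list and all function names are hypothetical, and the sample rows and inputs are constructed.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for a card store.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (holder TEXT, pan TEXT)")
    db.executemany("INSERT INTO cards VALUES (?, ?)",
                   [("alice", "4111-0000-0000-0001"),
                    ("bob", "4111-0000-0000-0002")])
    return db

# Hypothetical reactive ruleset: it knows only patterns already written down.
RULES = [re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE)]

def ruleset_allows(value):
    return not any(rule.search(value) for rule in RULES)

def lookup_concat(db, holder):
    # Vulnerable: the input is spliced into the SQL text and parsed as SQL.
    sql = "SELECT pan FROM cards WHERE holder = '" + holder + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, holder):
    # Hardened: the input is bound as a value and never parsed as SQL.
    sql = "SELECT pan FROM cards WHERE holder = ?"
    return [row[0] for row in db.execute(sql, (holder,))]

KNOWN = "x' OR '1'='1"    # constructed input the ruleset has a signature for
VARIANT = "x' OR 2>1 --"  # constructed input with the same effect, no signature

def demo():
    db = make_db()
    return {
        "known_blocked_by_rules": not ruleset_allows(KNOWN),
        "variant_passes_rules": ruleset_allows(VARIANT),
        "rows_leaked_by_concat": len(lookup_concat(db, VARIANT)),
        "rows_leaked_by_bound": len(lookup_bound(db, VARIANT)),
        "legit_lookup": lookup_bound(db, "alice"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
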
Guest skullingtonjoe Posted August 18, 2009

> Perfectly believable. Banks won't employ competent IT developers: "you're over-qualified, you'd be bored by it."
>
> They'll employ someone who is capable of deploying a bog-standard packet-filtering firewall (and a shrinkwrapped antivirus if on windoze), and then they're secure, innit? SQL injection, being an application-layer thing, is unaffected.
>
> They might even go so far as to deploy an application-layer firewall such as mod_security for Apache, but that's only as good as your ruleset, and that can only be reactive. Like that shrinkwrapped antivirus, but without the benefit of a centralised authority that gets to see threats as they happen.
>
> Competent programmers who understand basic rules like sanitising all untrusted input (what the Perl folks call untainting)? Nope, Overqualified ....

I doubt a lot of people out of uni would even know what PERL was - they'd probably think it's some kind of 'bling' you buy for your trophy girlfriend after your latest C# project!

Guest DissipatedYouthIsValuable Posted August 18, 2009

> I doubt a lot of people out of uni would even know what PERL was - they'd probably think it's some kind of 'bling' you buy for your trophy girlfriend after your latest C# project!

No real coder has a girlfriend. Very inconsistent interface which won't respond to debugging.

Snafu Posted August 18, 2009

> No real coder has a girlfriend. Very inconsistent interface which won't respond to debugging.

(my brother is a firewall programmer, so I am geek by association)